Fall 2018 BearAware Cybersecurity Update

BearAware is Baylor's ongoing effort to create and sustain a technology-empowered academic community that embodies the best in cybersecurity practices. Please take a moment to read the following helpful tips that will help protect our vital data resources and your personal information. Baylor ITS will send these BearAware Cybersecurity Updates once per term, and will send BearAware Alerts as critical cybersecurity threats arise in our community.

If you have cybersecurity concerns, please contact the HELP Desk at (254) 710-4357 (HELP). To keep up with the latest cybersecurity news, follow @bearaware on Twitter and Facebook.

Phishing Attempts on the Rise Again

In the past two weeks over 150 Bear ID accounts were compromised as a result of people being lured in by phishing/spearing attacks. Phish/Spears are email or text messages that appear to be from trusted individuals or institutions that entice you - out of fear or opportunity - to click a link and provide passwords or other personal information. The malicious people behind these attacks gather personal information and passwords to sell or use the information to create credit accounts, shop online or other forms of identity theft.

To protect your personal information, avoid clicking links in email or text messages and be cautious when you provide sensitive, personal information online. Visit Phish Free at blogs.baylor.edu/phishing to see examples of phishing emails that are currently in circulation in the Baylor community and follow @bearaware on Twitter.

Duo Two-Factor Authentication Coming to Baylor Email

One of the primary attack vectors for cybercriminals is email. Compromised email accounts are used to distribute phishing/spearing messages and to access other types of accounts that use the same credentials. Baylor currently uses a single password to protect email accounts. Given the critical vulnerability email accounts present in our cybersecurity infrastructure, Baylor ITS will soon extend Duo two-factor protection to our Baylor email system.

We are currently in the process of testing Duo on our email system with a small group of Baylor users. Once this pilot is complete, we will implement two-factor authentication on email accounts across the university. Be on the lookout for communications in the near future from Baylor ITS regarding this change that will enhance our security and should eliminate some forms of attacks within our community.

Perform Software Update?

The latest Microsoft Windows update patched 60 vulnerabilities, 20 of which were considered Critical. All software, whether on your laptop or smartphone are prone to vulnerabilities. Set a regular schedule (weekly, bi-monthly, or monthly) to perform updates on the operating systems and applications for your personal laptops and other internet-enabled devices. If your Internet browser or another software application prompts you to perform an update, do not simply click "OK" as it could be an exploit trying to lure you into installing malware on your device. Instead, use the update options built into the operating system or application. All Baylor-owned computers are pre-configured to receive "push" updates for Microsoft and Apple operating systems and applications.